NFN Return
Privacy Policy GDPR · EU 2016/679 Datenschutzerklärung
— Data Protection —

Privacy Policy

Last updated: 3 May 2026

This policy explains what personal data we collect when you use neverfnot.com, why we collect it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

The controller responsible for processing personal data on this website is:

Yannick Swatosch e.U.
Gutenbergstrasse 5
21521 Wohltorf
Germany
E-Mail: hi@neverfnot.com

For any privacy-related request you may contact us at any time using the email address above.

2. Scope

This policy applies to the website neverfnot.com and its subpages. It does not apply to third-party websites linked from our pages.

3. Data We Process

3.1 Server log data

When you access the site, the hosting provider automatically records technical data in server log files for the purpose of delivering the site and protecting it against abuse. This includes:

  • IP address (typically shortened / anonymised within a short retention period)
  • Date and time of the request
  • URL requested, HTTP status code, and amount of data transferred
  • Referring URL, browser type and version, operating system

Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in operating and securing the website.

3.2 Application form (/apply.html)

If you submit an application, we process the following data:

  • First name and email address
  • City, country, and Instagram handle
  • Consent confirmation

Purpose: reviewing your application and contacting you with a decision.
Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures at your request) and Art. 6 (1) (a) GDPR (your consent given via the privacy checkbox).
Retention: up to 12 months after submission, unless a membership or other ongoing relationship is established or legal retention obligations require longer storage.

3.3 Network form (/join.html)

If you join the wider NFN network, we process the following data:

  • Email address
  • First name and city, if provided
  • Consent confirmation

Purpose: adding you to the NFN network list and contacting you with relevant notes or updates.
Legal basis: Art. 6 (1) (a) GDPR — your consent.
Retention: until you withdraw your consent or request deletion.

3.4 Brand request form (/collaborate.html)

If you submit a brand request, we process the following data:

  • Brand name and country
  • Contact name and email address
  • Website or social link
  • Budget range and submitted vision / request text
  • Consent confirmation

Purpose: evaluating the request and contacting you about a potential partnership.
Legal basis: Art. 6 (1) (b) GDPR (steps prior to entering a contract) and Art. 6 (1) (a) GDPR (consent).
Retention: up to 12 months after submission, unless a partnership or other ongoing business relationship is established or legal retention obligations require longer storage.

3.5 Email contact

If you contact us by email (hi@neverfnot.com), we process the information you voluntarily provide in order to respond.
Legal basis: Art. 6 (1) (b) or (f) GDPR.
Retention: until the matter is resolved, and thereafter within applicable legal retention periods.

4. Cookies & Tracking

This website does not use advertising, profiling, or analytics cookies. No tracking scripts (Google Analytics, Meta Pixel, TikTok Pixel, etc.) are loaded.

The site uses sessionStorage (a browser feature, not a cookie) to remember whether you have already seen the intro loading animation. This data never leaves your browser and is automatically deleted when you close the tab.
Legal basis: Art. 6 (1) (f) GDPR / § 25 (2) Nr. 2 TTDSG — strictly necessary for the functioning of the service.

5. Processors & Third Parties

5.1 Hosting & form handling — Netlify

This website is hosted and its forms are processed by Netlify, Inc., 512 2nd Street, Suite 200, San Francisco, CA 94107, USA. When you access the site or submit a form, Netlify will process technical data (IP address, request metadata) and, in the case of forms, your submitted form data.

A data-processing agreement (Art. 28 GDPR) is in place. Transfers to the USA are safeguarded by Netlify’s self-certification under the EU–US Data Privacy Framework (Adequacy Decision of 10 July 2023) and by EU Standard Contractual Clauses as an additional safeguard.

Netlify’s privacy policy: netlify.com/privacy.

5.2 Fonts

Fonts (DM Sans and Instrument Serif) are self-hosted on our server. No connection to Google Fonts, fonts.googleapis.com, or fonts.gstatic.com is established when you visit the site.

5.3 Video

The intro video on the home page is served directly from our own server. No external video provider (YouTube, Vimeo) is embedded and no external cookies are set.

5.4 Social media links

Our footer links to profiles on Instagram and TikTok. These are plain text links; no social plug-ins, pixels, or embeds are loaded. A connection to Meta Platforms or ByteDance is only established if you click the link and navigate to the external site, where the respective provider’s privacy policy applies.

6. International Transfers

Some processors (see section 5) are located outside the EU/EEA, including in the United States. Such transfers take place on the basis of the EU–US Data Privacy Framework (Art. 45 GDPR) and, additionally, Standard Contractual Clauses (Art. 46 (2) (c) GDPR). We ensure an adequate level of data protection for all transfers.

7. Your Rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure — “right to be forgotten” (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7 (3) GDPR), without affecting the lawfulness of prior processing

To exercise these rights, contact us at hi@neverfnot.com.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with a data-protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

The competent supervisory authority for us is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Germany
datenschutzzentrum.de

9. Security

The website is served over HTTPS using TLS encryption. Form submissions are transmitted over an encrypted connection. Our processors are contractually required to implement appropriate technical and organisational measures under Art. 32 GDPR.

10. Changes to this Policy

We may update this policy from time to time to reflect changes to our services or to the applicable law. The current version can always be found at neverfnot.com/privacy.html.

This English version is provided for convenience. For users based in Germany, the term "Privacy Policy" refers to the Datenschutzerklärung under applicable German and European data-protection law.